nixfiles/hosts/koi/containers/torrent.nix

{ abs, pkgs, config, ... }@inputs:
let
  containers = (import (abs "lib/containers.nix") inputs);
in
{
  desu.secrets.qbt-dl-webhook.mode = "777";
  desu.secrets.torrent-proxy-env.mode = "777";
  
  imports = [
    (containers.mkNixosContainer {
      name = "torrent";
      ephemeral = false;
      ip = "10.42.0.9";
      private = false;

      config = { ... }: {
        imports = [
          (import (abs "services/qbittorrent.nix") inputs {
            port = 80;
            serviceConfig = {
              AmbientCapabilities = "CAP_NET_BIND_SERVICE";
            };
            setup = { config, ... }: ''
              mkdir -p /var/lib/qbittorrent/temp
              dl_webhook=`cat /mnt/secrets/qbt-dl-webhook`
              sed -i "s|%DL_WEBHOOK%|$dl_webhook|g" ${config}
            '';
            config = {
              Preferences = {
                # auth is managed by oidc proxy
                "WebUI\\AuthSubnetWhitelist" = "0.0.0.0/0"; 
                "WebUI\\AuthSubnetWhitelistEnabled" = "true";
                "WebUI\\ReverseProxySupportEnabled" = "true";
                "WebUI\\TrustedReverseProxiesList" = "10.42.0.2";
                "WebUI\\HostHeaderValidation" = "false";
                "WebUI\\CSRFProtection" = "false";
              };
              BitTorrent = {
                "Session\\DefaultSavePath" = "/mnt/download";
                "Session\\DisableAutoTMMByDefault" = "false";
                # puffer is an hdd, which bottlenecks the download speed
                # upload speed doesn't matter that much
                "Session\\TempPath" = "/var/lib/qbittorrent/temp";
                "Session\\TempPathEnabled" = "true";
                "Session\\Port" = "13370";
              };
              Network = {
                "PortForwardingEnabled" = "false";
                "Proxy\\IP" = "10.42.0.2";
                "Proxy\\Port" = "@Variant(\\0\\0\\0\\x85\\x1e\\xd2)"; # 7890
                "Proxy\\Type" = "SOCKS5";
                "Proxy\\HostnameLookupEnabled" = "true";
              };
              AutoRun = {
                enabled = "true";
                program = "/run/current-system/sw/bin/curl \\\"%DL_WEBHOOK%\\\" -X POST -d \\\"%N\\\"";
              };
            };
          })
        ];
        networking.firewall.allowedTCPPorts = [ 80 13370 ];
        networking.firewall.allowedUDPPorts = [ 13370 ];
      };

      mounts = {
        "/mnt/download" = {
          hostPath = "/mnt/puffer/Downloads";
          isReadOnly = false;
        };
        "/mnt/secrets/qbt-dl-webhook" = {
          hostPath = config.desu.secrets.qbt-dl-webhook.path;
          isReadOnly = true;
        };
      };
    })
  ];

  desu.openid-proxy.services.torrent = {
    clientId = "299749111337385990";
    domain = "torrent.stupid.fish";
    upstream = "http://torrent.containers";
    envSecret = "torrent-proxy-env";
  };

  services.nginx.virtualHosts."torrent.stupid.fish" = {
    forceSSL = true;
    useACMEHost = "stupid.fish";

    locations."/" = {
      proxyPass = "http://torrent-oidc.docker$request_uri";
    };
  };
}
refactor: avoid importing libs 2024-11-23 16:37:34 +03:00			`{ abs, pkgs, config, ... }@inputs:`
initial commit 2024-01-08 07:49:51 +03:00			`let`
			`containers = (import (abs "lib/containers.nix") inputs);`
			`in`
			`{`
refactor: avoid importing libs 2024-11-23 16:37:34 +03:00			`desu.secrets.qbt-dl-webhook.mode = "777";`
			`desu.secrets.torrent-proxy-env.mode = "777";`

initial commit 2024-01-08 07:49:51 +03:00			`imports = [`
			`(containers.mkNixosContainer {`
			`name = "torrent";`
			`ephemeral = false;`
chore(koi): torrent container adjustments 2024-06-15 07:16:01 +03:00			`ip = "10.42.0.9";`
			`private = false;`
initial commit 2024-01-08 07:49:51 +03:00
			`config = { ... }: {`
			`imports = [`
			`(import (abs "services/qbittorrent.nix") inputs {`
			`port = 80;`
			`serviceConfig = {`
			`AmbientCapabilities = "CAP_NET_BIND_SERVICE";`
			`};`
qbt download finish webhook 2024-03-03 04:35:11 +03:00			`setup = { config, ... }: ''`
initial commit 2024-01-08 07:49:51 +03:00			`mkdir -p /var/lib/qbittorrent/temp`
refactor: avoid importing libs 2024-11-23 16:37:34 +03:00			dl_webhook=`cat /mnt/secrets/qbt-dl-webhook`
qbt download finish webhook 2024-03-03 04:35:11 +03:00			`sed -i "s\|%DL_WEBHOOK%\|$dl_webhook\|g" ${config}`
initial commit 2024-01-08 07:49:51 +03:00			`'';`
			`config = {`
			`Preferences = {`
chore: use oidc proxy for torrent 2024-11-02 14:53:18 +03:00			`# auth is managed by oidc proxy`
			`"WebUI\\AuthSubnetWhitelist" = "0.0.0.0/0";`
chore(koi): improved qbittorrent config 2024-07-11 16:08:29 +03:00			`"WebUI\\AuthSubnetWhitelistEnabled" = "true";`
			`"WebUI\\ReverseProxySupportEnabled" = "true";`
			`"WebUI\\TrustedReverseProxiesList" = "10.42.0.2";`
chore: use oidc proxy for torrent 2024-11-02 14:53:18 +03:00			`"WebUI\\HostHeaderValidation" = "false";`
			`"WebUI\\CSRFProtection" = "false";`
initial commit 2024-01-08 07:49:51 +03:00			`};`
			`BitTorrent = {`
			`"Session\\DefaultSavePath" = "/mnt/download";`
			`"Session\\DisableAutoTMMByDefault" = "false";`
			`# puffer is an hdd, which bottlenecks the download speed`
			`# upload speed doesn't matter that much`
			`"Session\\TempPath" = "/var/lib/qbittorrent/temp";`
			`"Session\\TempPathEnabled" = "true";`
chore(koi): torrent container adjustments 2024-06-15 07:16:01 +03:00			`"Session\\Port" = "13370";`
initial commit 2024-01-08 07:49:51 +03:00			`};`
			`Network = {`
chore(koi): torrent container adjustments 2024-06-15 07:16:01 +03:00			`"PortForwardingEnabled" = "false";`
initial commit 2024-01-08 07:49:51 +03:00			`"Proxy\\IP" = "10.42.0.2";`
			`"Proxy\\Port" = "@Variant(\\0\\0\\0\\x85\\x1e\\xd2)"; # 7890`
			`"Proxy\\Type" = "SOCKS5";`
			`"Proxy\\HostnameLookupEnabled" = "true";`
			`};`
qbt download finish webhook 2024-03-03 04:35:11 +03:00			`AutoRun = {`
			`enabled = "true";`
fix(koi): qbittorrent webhook 2024-09-05 01:08:50 +03:00			`program = "/run/current-system/sw/bin/curl \\\"%DL_WEBHOOK%\\\" -X POST -d \\\"%N\\\"";`
qbt download finish webhook 2024-03-03 04:35:11 +03:00			`};`
initial commit 2024-01-08 07:49:51 +03:00			`};`
			`})`
			`];`
chore(koi): torrent container adjustments 2024-06-15 07:16:01 +03:00			`networking.firewall.allowedTCPPorts = [ 80 13370 ];`
			`networking.firewall.allowedUDPPorts = [ 13370 ];`
initial commit 2024-01-08 07:49:51 +03:00			`};`

			`mounts = {`
			`"/mnt/download" = {`
			`hostPath = "/mnt/puffer/Downloads";`
			`isReadOnly = false;`
			`};`
refactor: avoid importing libs 2024-11-23 16:37:34 +03:00			`"/mnt/secrets/qbt-dl-webhook" = {`
			`hostPath = config.desu.secrets.qbt-dl-webhook.path;`
			`isReadOnly = true;`
			`};`
			`};`
initial commit 2024-01-08 07:49:51 +03:00			`})`
			`];`

chore: use oidc proxy for torrent 2024-11-02 14:53:18 +03:00			`desu.openid-proxy.services.torrent = {`
chore(koi): kanidm -> zitadel 2024-12-26 11:25:39 +03:00			`clientId = "299749111337385990";`
chore: use oidc proxy for torrent 2024-11-02 14:53:18 +03:00			`domain = "torrent.stupid.fish";`
			`upstream = "http://torrent.containers";`
			`envSecret = "torrent-proxy-env";`
			`};`

initial commit 2024-01-08 07:49:51 +03:00			`services.nginx.virtualHosts."torrent.stupid.fish" = {`
			`forceSSL = true;`
			`useACMEHost = "stupid.fish";`

			`locations."/" = {`
chore: use oidc proxy for torrent 2024-11-02 14:53:18 +03:00			`proxyPass = "http://torrent-oidc.docker$request_uri";`
initial commit 2024-01-08 07:49:51 +03:00			`};`
			`};`
			`}`